CVE-2008-3963

EUVD-2008-3948
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
mysqlmysql
5.0.0
mysqlmysql
5.0.1
mysqlmysql
5.0.2
mysqlmysql
5.0.3
mysqlmysql
5.0.4
mysqlmysql
5.0.5
mysqlmysql
5.0.5.0.21
mysqlmysql
5.0.10
mysqlmysql
5.0.15
mysqlmysql
5.0.16
mysqlmysql
5.0.17
mysqlmysql
5.0.20
mysqlmysql
5.0.22.1.0.1
mysqlmysql
5.0.24
mysqlmysql
5.0.30
mysqlmysql
5.0.36
mysqlmysql
5.0.44
mysqlmysql
5.0.54
mysqlmysql
5.0.56
mysqlmysql
5.0.60
mysqlmysql
5.1.5
mysqlmysql
5.1.23
oraclemysql
5.0.0:alpha
oraclemysql
5.0.6
oraclemysql
5.0.23
oraclemysql
5.0.25
oraclemysql
5.0.26
oraclemysql
5.0.30:sp1
oraclemysql
5.0.32
oraclemysql
5.0.33
oraclemysql
5.0.38
oraclemysql
5.0.41
oraclemysql
5.0.42
oraclemysql
5.0.45
oraclemysql
5.0.50
oraclemysql
5.0.51
oraclemysql
5.0.52
oraclemysql
5.1
oraclemysql
5.1.1
oraclemysql
5.1.2
oraclemysql
5.1.3
oraclemysql
5.1.4
oraclemysql
5.1.6
oraclemysql
5.1.7
oraclemysql
5.1.8
oraclemysql
5.1.9
oraclemysql
5.1.10
oraclemysql
5.1.11
oraclemysql
5.1.12
oraclemysql
5.1.13
oraclemysql
5.1.14
oraclemysql
5.1.15
oraclemysql
5.1.16
oraclemysql
5.1.17
oraclemysql
5.1.18
oraclemysql
5.1.19
oraclemysql
5.1.20
oraclemysql
5.1.21
oraclemysql
5.1.22
oraclemysql
6.0.0
oraclemysql
6.0.1
oraclemysql
6.0.2
oraclemysql
6.0.3
oraclemysql
6.0.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-dfsg-5.0
dapper
Fixed 5.0.22-0ubuntu6.06.11
released
feisty
ignored
gutsy
Fixed 5.0.45-1ubuntu3.4
released
hardy
Fixed 5.0.51a-3ubuntu5.4
released
intrepid
not-affected
Common Weakness Enumeration
References
http://bugs.mysql.com/bug.php?id=35658
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/31769
http://secunia.com/advisories/32759
http://secunia.com/advisories/32769
http://secunia.com/advisories/34907
http://secunia.com/advisories/36566
http://www.debian.org/security/2009/dsa-1783
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/4
http://www.openwall.com/lists/oss-security/2008/09/09/7
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.securitytracker.com/id?1020858
http://www.ubuntu.com/usn/USN-1397-1
http://www.ubuntu.com/usn/USN-671-1
http://www.vupen.com/english/advisories/2008/2554
https://bugs.gentoo.org/237166
https://exchange.xforce.ibmcloud.com/vulnerabilities/45042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521
http://bugs.mysql.com/bug.php?id=35658
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html
http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/31769
http://secunia.com/advisories/32759
http://secunia.com/advisories/32769
http://secunia.com/advisories/34907
http://secunia.com/advisories/36566
http://www.debian.org/security/2009/dsa-1783
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.openwall.com/lists/oss-security/2008/09/09/4
http://www.openwall.com/lists/oss-security/2008/09/09/7
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2009-1289.html
http://www.securitytracker.com/id?1020858
http://www.ubuntu.com/usn/USN-1397-1
http://www.ubuntu.com/usn/USN-671-1
http://www.vupen.com/english/advisories/2008/2554
https://bugs.gentoo.org/237166
https://exchange.xforce.ibmcloud.com/vulnerabilities/45042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521